Spyware comes in many forms, and before you can tackle the problem, it’s useful to know the basic differences.
Nuisanceware is often bundled with legitimate apps. It interrupts your web browsing with pop-ups, changes your homepage or search engine settings, and may also gather your browsing data in order to sell it off to advertising agencies and networks.
Although considered malvertising, nuisanceware is generally not dangerous or a threat to your core security. Instead, these malware packages are focused on illicit revenue generation by infecting machines and creating forced ad views or clicks.
There’s also basic spyware. These generic forms of malware steal operating system and clipboard data and anything of potential value, such as cryptocurrency wallet data or account credentials. Spyware isn’t always targeted and may be used in general phishing attacks.
Spyware may land on your device through phishing, malicious email attachments, social media links, or fraudulent SMS messages.
Advanced spyware, also known as stalkerware, is a step up from basic spyware. Unethical and sometimes dangerous, this malware is sometimes found on desktop systems, but it is now most commonly implanted on phones. Spyware and stalkerware may be used to monitor emails and SMS and MMS messages sent and received; to intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications; to covertly record environmental noise or take photos; to track victims via GPS; or to hijack social media apps such as Facebook and WhatsApp. Stalkerware may also include keylogging features.
Stalkerware is typically used to spy on someone as an individual and watch what they do, say, and where they go. Stalkerware is commonly linked to cases of domestic abuse.
Finally, there’s government-grade commercial spyware. Pegasus is the most well-known recent case, sold to governments as a tool for combating terrorism and for law enforcement purposes. Pegasus ultimately was found on smartphones belonging to journalists, activists, political dissidents, and lawyers.
In November 2022, the Google Threat Analysis Group (TAG) published details on Heliconia, a new commercial spyware framework with a potential link to a private Spanish company.